/**
* Returns a decrypted SAML 2.0 {@code Assertion} from the specified SAML 2.0 encrypted {@code
* Assertion}.
*
* @param ssoAgentX509Credential credential for the resolver
* @param encryptedAssertion the {@link EncryptedAssertion} instance to be decrypted
* @return a decrypted SAML 2.0 {@link Assertion} from the specified SAML 2.0 {@link
* EncryptedAssertion}
* @throws SSOException if an error occurs during the decryption process
*/
protected static Assertion decryptAssertion(
SSOX509Credential ssoAgentX509Credential, EncryptedAssertion encryptedAssertion)
throws SSOException {
try {
KeyInfoCredentialResolver keyResolver =
new StaticKeyInfoCredentialResolver(
new X509CredentialImplementation(ssoAgentX509Credential));
EncryptedKey key =
encryptedAssertion
.getEncryptedData()
.getKeyInfo()
.getEncryptedKeys()
.stream()
.findFirst()
.get();
Decrypter decrypter = new Decrypter(null, keyResolver, null);
SecretKey decrypterKey =
(SecretKey)
decrypter.decryptKey(
key, encryptedAssertion.getEncryptedData().getEncryptionMethod().getAlgorithm());
Credential shared = SecurityHelper.getSimpleCredential(decrypterKey);
decrypter = new Decrypter(new StaticKeyInfoCredentialResolver(shared), null, null);
decrypter.setRootInNewDocument(true);
return decrypter.decrypt(encryptedAssertion);
} catch (DecryptionException e) {
throw new SSOException("Decrypted assertion error", e);
}
}
public Assertion decrypt(EncryptedAssertion enc, Credential credential)
throws DecryptionException {
KeyInfoCredentialResolver keyResolver = new StaticKeyInfoCredentialResolver(credential);
EncryptedKey key = enc.getEncryptedData().getKeyInfo().getEncryptedKeys().get(0);
Decrypter decrypter = new Decrypter(null, keyResolver, null);
SecretKey dkey =
(SecretKey)
decrypter.decryptKey(key, enc.getEncryptedData().getEncryptionMethod().getAlgorithm());
Credential shared = SecurityHelper.getSimpleCredential(dkey);
decrypter = new Decrypter(new StaticKeyInfoCredentialResolver(shared), null, null);
return decrypter.decrypt(enc);
}
/**
* Get Decrypted Assertion
*
* @param encryptedAssertion
* @return
* @throws Exception
*/
private Assertion getDecryptedAssertion(EncryptedAssertion encryptedAssertion) throws Exception {
X509Credential credential = new X509CredentialImpl(tenantDomain, null);
KeyInfoCredentialResolver keyResolver = new StaticKeyInfoCredentialResolver(credential);
EncryptedKey key = encryptedAssertion.getEncryptedData().getKeyInfo().getEncryptedKeys().get(0);
Decrypter decrypter = new Decrypter(null, keyResolver, null);
SecretKey dkey =
(SecretKey)
decrypter.decryptKey(
key, encryptedAssertion.getEncryptedData().getEncryptionMethod().getAlgorithm());
Credential shared = SecurityHelper.getSimpleCredential(dkey);
decrypter = new Decrypter(new StaticKeyInfoCredentialResolver(shared), null, null);
decrypter.setRootInNewDocument(true);
return decrypter.decrypt(encryptedAssertion);
}
/**
* Get Decrypted Assertion
*
* @param encryptedAssertion
* @return
* @throws Exception
*/
protected Assertion getDecryptedAssertion(EncryptedAssertion encryptedAssertion)
throws SSOAgentException {
try {
KeyInfoCredentialResolver keyResolver =
new StaticKeyInfoCredentialResolver(
new X509CredentialImpl(ssoAgentConfig.getSAML2().getSSOAgentX509Credential()));
EncryptedKey key =
encryptedAssertion.getEncryptedData().getKeyInfo().getEncryptedKeys().get(0);
Decrypter decrypter = new Decrypter(null, keyResolver, null);
SecretKey dkey =
(SecretKey)
decrypter.decryptKey(
key, encryptedAssertion.getEncryptedData().getEncryptionMethod().getAlgorithm());
Credential shared = SecurityHelper.getSimpleCredential(dkey);
decrypter = new Decrypter(new StaticKeyInfoCredentialResolver(shared), null, null);
decrypter.setRootInNewDocument(true);
return decrypter.decrypt(encryptedAssertion);
} catch (Exception e) {
throw new SSOAgentException("Decrypted assertion error", e);
}
}
